Welcome to my information security blog. I hope the information I publish and comments I provide can offer some insight, for better or worse, into current industry trends, technologies, and innovations.
One of the purposes for this blog is to encourage creative and constructive dialogue, so feel free to comment. If you do, please provide your name.
If you have any feedback or would like to contact me offline, don't hesitate to email me: mike[@]cloppert[.]org

2008-07-23

FlyClear passes privacy audit

In a recent press release, Verified Identity Pass, Inc. - commonly known to US air travelers as FlyClear - announced they had passed a four-month-long audit of adherence to their own privacy commitments. This is a rare good-news story that acknowledges the significant concerns raised by privacy groups such as EPIC. To what end their own stated privacy commitments address those concerns I will leave to the advocates, but an important disclaimer from the audit report was left out of the press release.

...the projection of any conclusions, based on our findings, to future periods is subject to the risk that the validity of such conclusions may be altered because of changes made to the system or controls, the failure to make needed changes to the system or controls, or a deterioration in the degree of effectiveness of the controls.

I wouldn't even point this out if we were talking about anything but a government-sponsored program/company: periodic auditing is absolutely essential to ensure ongoing confidence in the program. The more consecutive audits passed, the greater public confidence grows. I haven't signed up for the program in part because I was concerned about the privacy of my data. This helps offset my reluctance. The effectiveness of the entire program, of course, is another topic altogether.

1 comment:

Cindy Rosenthal VP Media Relations
said...

Clear has now passed all consecutive privacy audits conducted since the first one conducted in 2006. We have just celebrated our third anniversary, with a 90% membership retention rate and about 200,000 sign ups. Clear cards are accepted in 18 US Airports with more on the way. I wanted to make sure to update your readers.

About Me

I have been employed in various information technology fields since 1997, and in information security since 2001. I have an undergrad degree in Computer Engineering from the University of Dayton, received various industry certifications (GCIA, GREM, GCFA, etc.), and am currently pursuing an MS in Computer Science from George Washington University. I have lectured on various information security topics to IEEE, internal organization-wide IT conferences, and the annual Department of Defense Cybercrime Convention. My international work experience consists of training on general information security topics and IDS design/implementation onsite in Egypt, Israel, and India, as well as providing incident response assistance in the Far East. I have been a contributing editor to incident response procedures for two major organizations, and have been involved in digital forensic investigations since 2001. Currently, my work consists of security-related research and development, covering topics from vulnerability and exploit reverse engineering to implementation of security technologies, as well as digital forensics for an enterprise Computer Incident Response Team.